Safe parsing of HEIF framecount information
Bug: 215002587
Test: POC described in bug
Change-Id: I92f8fdfe860cb360fb0ae099db3c92776ba7390f
diff --git a/media/libheif/HeifDecoderImpl.cpp b/media/libheif/HeifDecoderImpl.cpp
index b28ae70..041b427 100644
--- a/media/libheif/HeifDecoderImpl.cpp
+++ b/media/libheif/HeifDecoderImpl.cpp
@@ -26,6 +26,7 @@
#include <binder/IMemory.h>
#include <binder/MemoryDealer.h>
#include <drm/drm_framework_common.h>
+#include <log/log.h>
#include <media/mediametadataretriever.h>
#include <media/stagefright/MediaSource.h>
#include <media/stagefright/foundation/ADebug.h>
@@ -422,7 +423,13 @@
initFrameInfo(&mSequenceInfo, videoFrame);
- mSequenceLength = atoi(mRetriever->extractMetadata(METADATA_KEY_VIDEO_FRAME_COUNT));
+ const char* frameCount = mRetriever->extractMetadata(METADATA_KEY_VIDEO_FRAME_COUNT);
+ if (frameCount == nullptr) {
+ android_errorWriteWithInfoLog(0x534e4554, "215002587", -1, NULL, 0);
+ ALOGD("No valid sequence information in metadata");
+ return false;
+ }
+ mSequenceLength = atoi(frameCount);
if (defaultInfo == nullptr) {
defaultInfo = &mSequenceInfo;